I. Overview

The HUAWEI CLOUD security team noticed that Microsoft has released a patch to fix the Internet Explorer (IE) component jscript.dll. The jscript.dll is a script engine working in the IE. A remote code execution vulnerability (CVE-2019-1367) exists in the way that the scripting engine handles objects in memory in IE. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. Active attacks have been discovered.

Reference links:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

IE 9, IE 10, and IE 11 available in the following Windows OSs are affected.

Windows 8.1

Windows 10

Windows Server 2012

Windows Server 2012 R2

Windows Server 2008

Windows Server 2016

Windows Server 2019

IV. Solutions

Microsoft official patch is available. Download the patch at the following address:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

You can also use the automatic update function of Windows to check and install the patch.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.